ServiceNow Integration

Connect ServiceNow to let the AI agent query your CMDB and ITSM data during investigations — configuration items and their relationships (for blast-radius analysis), incidents, problems, change requests, assignment groups, users, and knowledge articles. You can also sync ServiceNow services, teams, and people into the Autoheal catalog.

note

This integration is read-only. Autoheal queries ServiceNow but never creates or modifies records. Receiving ServiceNow events as an alert source and writing back to tickets are not part of this integration.

Capabilities

Once connected, the AI agent can:

Capability	Description
Query the CMDB	Read configuration items across any class (cmdb_ci and its descendants)
Service topology & blast radius	Fetch a CI together with its upstream/downstream relationships in one call
Incidents, problems, changes	Read incident, problem, and change_request records for RCA timelines and change-risk analysis
Assignment groups & users	Look up sys_user_group and sys_user records for SME routing
Knowledge articles	Search kb_knowledge for runbooks, SOPs, and architecture notes
Aggregate counts	Group-by counts over any table (e.g. CIs per class) for coverage questions
Catalog sync	Import ServiceNow services, assignment groups, and users into the Autoheal catalog

The agent reads ServiceNow through its REST APIs — the Table API (/api/now/table/{table}), the CMDB Instance API (/api/now/cmdb/instance/{class}/{sys_id}), and the Aggregate API (/api/now/stats/{table}).

Prerequisites

• A ServiceNow instance (e.g. https://acme.service-now.com)
• A service account (local ServiceNow user) for Autoheal to authenticate as
• Read access to the tables you want the agent to use (CMDB, incident, problem, change_request, sys_user, sys_user_group, kb_knowledge)

Setup

1

Create a Read-Only Service Account

1. In ServiceNow, go to User Administration → Users and create a dedicated user (e.g. autoheal.svc)
2. Set a strong password and clear Web service access only is optional — basic auth works either way
3. Grant read access. The simplest path is the built-in snc_read_only role plus any roles your instance requires to read the CMDB, incident, problem, change, and knowledge tables. Alternatively, grant table-level read ACLs for those tables only

2

Add the Integration in Autoheal

1. Go to Integrations in Autoheal and click ServiceNow
2. Enter a name (e.g. "Production ServiceNow")

3

Configure Credentials

Enter the following:

• Instance URL: your instance base URL, e.g. https://acme.service-now.com (not the REST API path)
• Username: the service-account username
• Password: the service-account password

note

For security, Autoheal only sends credentials to ServiceNow-owned domains (*.service-now.com, *.servicenowservices.com). If your instance is fronted by a custom/vanity domain (e.g. https://snow.acme.com), ask your Autoheal operator to add that host (or its parent domain) to the SERVICENOW_ALLOWED_INSTANCE_HOSTS deployment setting before saving — otherwise the Instance URL is rejected as not allowed.

4

Test and Save

Click Test Connection to verify, then Save. The connection test reads a single row from sys_user.

Required Permissions

The service account needs read access to the tables the agent will query:

Table	Why it's needed
cmdb_ci (+ class tables) and cmdb_rel_ci	Configuration items and their relationships (topology, blast radius)
incident	Incident timelines for root-cause analysis and customer impact
problem	Problem records for the RCA ledger
change_request	Change records for change-risk and blast-radius analysis
sys_user_group, sys_user, sys_user_grmember	Assignment groups, users, and membership for SME routing
kb_knowledge	Knowledge articles (runbooks, SOPs)

tip

Grant read-only access only. Autoheal never writes to ServiceNow, so the service account does not need any write or admin roles.

Example Queries

Once connected, you can ask the AI agent questions like:

Show me the open P1 incidents for the Payments business service

What does the payments-api CI depend on, and what depends on it?

List the change requests that touched the checkout database in the last 7 days

Which assignment group owns the order-service, and who are its members?

How many configuration items exist per CMDB class?

Catalog Sync

ServiceNow can populate the Autoheal catalog with your organizational context:

ServiceNow source	Catalog entity
Assignment groups (sys_user_group)	Team
Users (sys_user)	Person
Business / application services (cmdb_ci_service)	Service
Configuration items (cmdb_ci)	Configuration Item

Because a CMDB can hold tens of thousands of items, the sync runs as a background job that pages through ServiceNow with rate-limiting, so it never blocks the UI. Trigger it with an authenticated POST /api/v1/catalog/servicenow/sync/{integrationId} (the caller needs integration-write access for the tenant); a dedicated UI action is coming. Re-run it any time to refresh — entities are matched on their ServiceNow sys_id, so re-runs update in place.

note

The catalog sync brings in entities, ownership, and group membership. Fine-grained CI-to-CI dependency edges are read on demand during investigations via the CMDB relationship lookup, so the catalog stays accurate without snapshotting the entire relationship graph.

Troubleshooting

401 Unauthorized

• Verify the username and password are correct and the account is active
• Confirm the Instance URL is your ServiceNow base URL (e.g. https://acme.service-now.com), not an API path
• If your instance enforces SSO, ensure the service account can still authenticate with basic auth (local login)

403 Forbidden / Empty Results for a Table

• The service account lacks read access (ACL/role) for that table
• Grant snc_read_only or the specific table read ACLs (see Required Permissions)

No Records Returned

• Check your filter — ServiceNow uses encoded query syntax (e.g. active=true^priority=1), not SQL
• Reference fields (assignment group, CI) are matched by display value by default; confirm the name matches
• Widen the time range or remove filters to confirm data exists

Instance URL Rejected / Not an Allowed Domain

• Autoheal only sends credentials to ServiceNow-owned domains (*.service-now.com, *.servicenowservices.com)
• If your instance uses a custom/vanity domain (e.g. https://snow.acme.com), ask your Autoheal operator to add that host or its parent domain to the SERVICENOW_ALLOWED_INSTANCE_HOSTS deployment setting, then save again
• The URL must use https and be the base URL (no path, query, or fragment)

Rate Limiting / Slow Catalog Sync

• ServiceNow enforces per-instance and per-account transaction limits
• The agent and the catalog sync both rate-limit their requests; very large CMDBs simply take longer to sync
• Use more specific queries (fewer fields, tighter filters) to keep responses fast